From 11480d29b7dc425884754ce53a0a0461a786b505 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Wed, 21 May 2025 11:26:55 +0100 Subject: [PATCH 1/7] Rust: Add ArithmeticOperation library. --- .../rust/elements/ArithmeticOperation.qll | 41 +++++++++++++++++++ rust/ql/lib/rust.qll | 1 + .../library-tests/operations/Operations.ql | 8 ++++ rust/ql/test/library-tests/operations/test.rs | 22 +++++----- 4 files changed, 61 insertions(+), 11 deletions(-) create mode 100644 rust/ql/lib/codeql/rust/elements/ArithmeticOperation.qll diff --git a/rust/ql/lib/codeql/rust/elements/ArithmeticOperation.qll b/rust/ql/lib/codeql/rust/elements/ArithmeticOperation.qll new file mode 100644 index 000000000000..c91d65c976a9 --- /dev/null +++ b/rust/ql/lib/codeql/rust/elements/ArithmeticOperation.qll @@ -0,0 +1,41 @@ +/** + * Provides classes for arithmetic operations. + */ + +private import codeql.rust.elements.BinaryExpr +private import codeql.rust.elements.PrefixExpr +private import codeql.rust.elements.Operation + +/** + * An arithmetic operation, such as `+`, `*=`, or `-`. + */ +abstract private class ArithmeticOperationImpl extends Operation { } + +final class ArithmeticOperation = ArithmeticOperationImpl; + +/** + * A binary arithmetic operation, such as `+` or `*`. + */ +final class BinaryArithmeticOperation extends BinaryExpr, ArithmeticOperationImpl { + BinaryArithmeticOperation() { + this.getOperatorName() = ["+", "-", "*", "/", "%"] + } +} + +/** + * An arithmetic assignment operation, such as `+=` or `*=`. + */ +final class AssignArithmeticOperation extends BinaryExpr, ArithmeticOperationImpl { + AssignArithmeticOperation() { + this.getOperatorName() = ["+=", "-=", "*=", "/=", "%="] + } +} + +/** + * A prefix arithmetic operation, such as `-`. + */ +final class PrefixArithmeticOperation extends PrefixExpr, ArithmeticOperationImpl { + PrefixArithmeticOperation() { + this.getOperatorName() = "-" + } +} diff --git a/rust/ql/lib/rust.qll b/rust/ql/lib/rust.qll index 4a533b34badc..3f39dee33375 100644 --- a/rust/ql/lib/rust.qll +++ b/rust/ql/lib/rust.qll @@ -4,6 +4,7 @@ import codeql.rust.elements import codeql.Locations import codeql.files.FileSystem import codeql.rust.elements.Operation +import codeql.rust.elements.ArithmeticOperation import codeql.rust.elements.AssignmentOperation import codeql.rust.elements.ComparisonOperation import codeql.rust.elements.LiteralExprExt diff --git a/rust/ql/test/library-tests/operations/Operations.ql b/rust/ql/test/library-tests/operations/Operations.ql index 482373c8d052..f33a8dec6b16 100644 --- a/rust/ql/test/library-tests/operations/Operations.ql +++ b/rust/ql/test/library-tests/operations/Operations.ql @@ -31,6 +31,14 @@ string describe(Expr op) { op instanceof LessOrEqualsOperation and result = "LessOrEqualsOperation" or op instanceof GreaterOrEqualsOperation and result = "GreaterOrEqualsOperation" + or + op instanceof ArithmeticOperation and result = "ArithmeticOperation" + or + op instanceof BinaryArithmeticOperation and result = "BinaryArithmeticOperation" + or + op instanceof AssignArithmeticOperation and result = "AssignArithmeticOperation" + or + op instanceof PrefixArithmeticOperation and result = "PrefixArithmeticOperation" } module OperationsTest implements TestSig { diff --git a/rust/ql/test/library-tests/operations/test.rs b/rust/ql/test/library-tests/operations/test.rs index dba47f5faa3d..a8fce0a0ee8a 100644 --- a/rust/ql/test/library-tests/operations/test.rs +++ b/rust/ql/test/library-tests/operations/test.rs @@ -19,17 +19,17 @@ fn test_operations( x >= y; // $ Operation Op=>= Operands=2 BinaryExpr ComparisonOperation RelationalOperation GreaterOrEqualsOperation Greater=x Lesser=y // arithmetic operations - x + y; // $ Operation Op=+ Operands=2 BinaryExpr - x - y; // $ Operation Op=- Operands=2 BinaryExpr - x * y; // $ Operation Op=* Operands=2 BinaryExpr - x / y; // $ Operation Op=/ Operands=2 BinaryExpr - x % y; // $ Operation Op=% Operands=2 BinaryExpr - x += y; // $ Operation Op=+= Operands=2 AssignmentOperation BinaryExpr - x -= y; // $ Operation Op=-= Operands=2 AssignmentOperation BinaryExpr - x *= y; // $ Operation Op=*= Operands=2 AssignmentOperation BinaryExpr - x /= y; // $ Operation Op=/= Operands=2 AssignmentOperation BinaryExpr - x %= y; // $ Operation Op=%= Operands=2 AssignmentOperation BinaryExpr - -x; // $ Operation Op=- Operands=1 PrefixExpr + x + y; // $ Operation Op=+ Operands=2 BinaryExpr ArithmeticOperation BinaryArithmeticOperation + x - y; // $ Operation Op=- Operands=2 BinaryExpr ArithmeticOperation BinaryArithmeticOperation + x * y; // $ Operation Op=* Operands=2 BinaryExpr ArithmeticOperation BinaryArithmeticOperation + x / y; // $ Operation Op=/ Operands=2 BinaryExpr ArithmeticOperation BinaryArithmeticOperation + x % y; // $ Operation Op=% Operands=2 BinaryExpr ArithmeticOperation BinaryArithmeticOperation + x += y; // $ Operation Op=+= Operands=2 AssignmentOperation BinaryExpr ArithmeticOperation AssignArithmeticOperation + x -= y; // $ Operation Op=-= Operands=2 AssignmentOperation BinaryExpr ArithmeticOperation AssignArithmeticOperation + x *= y; // $ Operation Op=*= Operands=2 AssignmentOperation BinaryExpr ArithmeticOperation AssignArithmeticOperation + x /= y; // $ Operation Op=/= Operands=2 AssignmentOperation BinaryExpr ArithmeticOperation AssignArithmeticOperation + x %= y; // $ Operation Op=%= Operands=2 AssignmentOperation BinaryExpr ArithmeticOperation AssignArithmeticOperation + -x; // $ Operation Op=- Operands=1 PrefixExpr ArithmeticOperation PrefixArithmeticOperation // logical operations a && b; // $ Operation Op=&& Operands=2 BinaryExpr LogicalOperation From fafdc1d181a114f43c3c17eb5268eb4a75a62fc1 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Wed, 21 May 2025 11:33:28 +0100 Subject: [PATCH 2/7] Rust: Add BitwiseOperation library. --- .../codeql/rust/elements/BitwiseOperation.qll | 27 +++++++++++++++++++ rust/ql/lib/rust.qll | 1 + .../library-tests/operations/Operations.ql | 6 +++++ rust/ql/test/library-tests/operations/test.rs | 20 +++++++------- 4 files changed, 44 insertions(+), 10 deletions(-) create mode 100644 rust/ql/lib/codeql/rust/elements/BitwiseOperation.qll diff --git a/rust/ql/lib/codeql/rust/elements/BitwiseOperation.qll b/rust/ql/lib/codeql/rust/elements/BitwiseOperation.qll new file mode 100644 index 000000000000..b906a2216ce3 --- /dev/null +++ b/rust/ql/lib/codeql/rust/elements/BitwiseOperation.qll @@ -0,0 +1,27 @@ +/** + * Provides classes for bitwise operations. + */ + +private import codeql.rust.elements.BinaryExpr +private import codeql.rust.elements.Operation + +/** + * A bitwise operation, such as `&`, `<<`, or `|=`. + */ +abstract private class BitwiseOperationImpl extends Operation { } + +final class BitwiseOperation = BitwiseOperationImpl; + +/** + * A binary bitwise operation, such as `&` or `<<`. + */ +final class BinaryBitwiseOperation extends BinaryExpr, BitwiseOperationImpl { + BinaryBitwiseOperation() { this.getOperatorName() = ["&", "|", "^", "<<", ">>"] } +} + +/** + * A bitwise assignment operation, such as `|=` or `<<=`. + */ +final class AssignBitwiseOperation extends BinaryExpr, BitwiseOperationImpl { + AssignBitwiseOperation() { this.getOperatorName() = ["&=", "|=", "^=", "<<=", ">>="] } +} diff --git a/rust/ql/lib/rust.qll b/rust/ql/lib/rust.qll index 3f39dee33375..e64b0e36abb8 100644 --- a/rust/ql/lib/rust.qll +++ b/rust/ql/lib/rust.qll @@ -6,6 +6,7 @@ import codeql.files.FileSystem import codeql.rust.elements.Operation import codeql.rust.elements.ArithmeticOperation import codeql.rust.elements.AssignmentOperation +import codeql.rust.elements.BitwiseOperation import codeql.rust.elements.ComparisonOperation import codeql.rust.elements.LiteralExprExt import codeql.rust.elements.LogicalOperation diff --git a/rust/ql/test/library-tests/operations/Operations.ql b/rust/ql/test/library-tests/operations/Operations.ql index f33a8dec6b16..76e9acfde3f6 100644 --- a/rust/ql/test/library-tests/operations/Operations.ql +++ b/rust/ql/test/library-tests/operations/Operations.ql @@ -39,6 +39,12 @@ string describe(Expr op) { op instanceof AssignArithmeticOperation and result = "AssignArithmeticOperation" or op instanceof PrefixArithmeticOperation and result = "PrefixArithmeticOperation" + or + op instanceof BitwiseOperation and result = "BitwiseOperation" + or + op instanceof BinaryBitwiseOperation and result = "BinaryBitwiseOperation" + or + op instanceof AssignBitwiseOperation and result = "AssignBitwiseOperation" } module OperationsTest implements TestSig { diff --git a/rust/ql/test/library-tests/operations/test.rs b/rust/ql/test/library-tests/operations/test.rs index a8fce0a0ee8a..72cb8269636f 100644 --- a/rust/ql/test/library-tests/operations/test.rs +++ b/rust/ql/test/library-tests/operations/test.rs @@ -37,16 +37,16 @@ fn test_operations( !a; // $ Operation Op=! Operands=1 PrefixExpr LogicalOperation // bitwise operations - x & y; // $ Operation Op=& Operands=2 BinaryExpr - x | y; // $ Operation Op=| Operands=2 BinaryExpr - x ^ y; // $ Operation Op=^ Operands=2 BinaryExpr - x << y; // $ Operation Op=<< Operands=2 BinaryExpr - x >> y; // $ Operation Op=>> Operands=2 BinaryExpr - x &= y; // $ Operation Op=&= Operands=2 AssignmentOperation BinaryExpr - x |= y; // $ Operation Op=|= Operands=2 AssignmentOperation BinaryExpr - x ^= y; // $ Operation Op=^= Operands=2 AssignmentOperation BinaryExpr - x <<= y; // $ Operation Op=<<= Operands=2 AssignmentOperation BinaryExpr - x >>= y; // $ Operation Op=>>= Operands=2 AssignmentOperation BinaryExpr + x & y; // $ Operation Op=& Operands=2 BinaryExpr BitwiseOperation BinaryBitwiseOperation + x | y; // $ Operation Op=| Operands=2 BinaryExpr BitwiseOperation BinaryBitwiseOperation + x ^ y; // $ Operation Op=^ Operands=2 BinaryExpr BitwiseOperation BinaryBitwiseOperation + x << y; // $ Operation Op=<< Operands=2 BinaryExpr BitwiseOperation BinaryBitwiseOperation + x >> y; // $ Operation Op=>> Operands=2 BinaryExpr BitwiseOperation BinaryBitwiseOperation + x &= y; // $ Operation Op=&= Operands=2 AssignmentOperation BinaryExpr BitwiseOperation AssignBitwiseOperation + x |= y; // $ Operation Op=|= Operands=2 AssignmentOperation BinaryExpr BitwiseOperation AssignBitwiseOperation + x ^= y; // $ Operation Op=^= Operands=2 AssignmentOperation BinaryExpr BitwiseOperation AssignBitwiseOperation + x <<= y; // $ Operation Op=<<= Operands=2 AssignmentOperation BinaryExpr BitwiseOperation AssignBitwiseOperation + x >>= y; // $ Operation Op=>>= Operands=2 AssignmentOperation BinaryExpr BitwiseOperation AssignBitwiseOperation // miscellaneous expressions that might be operations *ptr; // $ Operation Op=* Operands=1 PrefixExpr From 6c19cecb076115d621f1725dcccd1b1a1114f991 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Wed, 21 May 2025 11:55:48 +0100 Subject: [PATCH 3/7] Rust: Add DerefExpr class. --- rust/ql/lib/codeql/rust/elements/DerefExpr.qll | 13 +++++++++++++ rust/ql/lib/rust.qll | 1 + rust/ql/test/library-tests/operations/Operations.ql | 2 ++ rust/ql/test/library-tests/operations/test.rs | 2 +- 4 files changed, 17 insertions(+), 1 deletion(-) create mode 100644 rust/ql/lib/codeql/rust/elements/DerefExpr.qll diff --git a/rust/ql/lib/codeql/rust/elements/DerefExpr.qll b/rust/ql/lib/codeql/rust/elements/DerefExpr.qll new file mode 100644 index 000000000000..28302a934117 --- /dev/null +++ b/rust/ql/lib/codeql/rust/elements/DerefExpr.qll @@ -0,0 +1,13 @@ +/** + * Provides classes for deref expressions (`*`). + */ + +private import codeql.rust.elements.PrefixExpr +private import codeql.rust.elements.Operation + +/** + * A dereference expression, `*`. + */ +final class DerefExpr extends PrefixExpr, Operation { + DerefExpr() { this.getOperatorName() = "*" } +} diff --git a/rust/ql/lib/rust.qll b/rust/ql/lib/rust.qll index e64b0e36abb8..209a002663f4 100644 --- a/rust/ql/lib/rust.qll +++ b/rust/ql/lib/rust.qll @@ -8,6 +8,7 @@ import codeql.rust.elements.ArithmeticOperation import codeql.rust.elements.AssignmentOperation import codeql.rust.elements.BitwiseOperation import codeql.rust.elements.ComparisonOperation +import codeql.rust.elements.DerefExpr import codeql.rust.elements.LiteralExprExt import codeql.rust.elements.LogicalOperation import codeql.rust.elements.AsyncBlockExpr diff --git a/rust/ql/test/library-tests/operations/Operations.ql b/rust/ql/test/library-tests/operations/Operations.ql index 76e9acfde3f6..2c2c7ac7e996 100644 --- a/rust/ql/test/library-tests/operations/Operations.ql +++ b/rust/ql/test/library-tests/operations/Operations.ql @@ -45,6 +45,8 @@ string describe(Expr op) { op instanceof BinaryBitwiseOperation and result = "BinaryBitwiseOperation" or op instanceof AssignBitwiseOperation and result = "AssignBitwiseOperation" + or + op instanceof DerefExpr and result = "DerefExpr" } module OperationsTest implements TestSig { diff --git a/rust/ql/test/library-tests/operations/test.rs b/rust/ql/test/library-tests/operations/test.rs index 72cb8269636f..662a5ce02524 100644 --- a/rust/ql/test/library-tests/operations/test.rs +++ b/rust/ql/test/library-tests/operations/test.rs @@ -49,7 +49,7 @@ fn test_operations( x >>= y; // $ Operation Op=>>= Operands=2 AssignmentOperation BinaryExpr BitwiseOperation AssignBitwiseOperation // miscellaneous expressions that might be operations - *ptr; // $ Operation Op=* Operands=1 PrefixExpr + *ptr; // $ Operation Op=* Operands=1 PrefixExpr DerefExpr &x; // $ RefExpr res?; From b8f0e4d7e054942f29c1a44cd1995527dd1e07ce Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Wed, 21 May 2025 13:49:46 +0100 Subject: [PATCH 4/7] Rust: Use DerefExpr. --- rust/ql/lib/codeql/rust/elements/internal/VariableImpl.qll | 2 +- rust/ql/lib/codeql/rust/internal/TypeInference.qll | 6 ++---- .../codeql/rust/security/AccessInvalidPointerExtensions.qll | 4 +--- 3 files changed, 4 insertions(+), 8 deletions(-) diff --git a/rust/ql/lib/codeql/rust/elements/internal/VariableImpl.qll b/rust/ql/lib/codeql/rust/elements/internal/VariableImpl.qll index 9bb2029cd447..790186bf2c9f 100644 --- a/rust/ql/lib/codeql/rust/elements/internal/VariableImpl.qll +++ b/rust/ql/lib/codeql/rust/elements/internal/VariableImpl.qll @@ -610,7 +610,7 @@ module Impl { exists(Expr mid | assignmentExprDescendant(mid) and getImmediateParent(e) = mid and - not mid.(PrefixExpr).getOperatorName() = "*" and + not mid instanceof DerefExpr and not mid instanceof FieldExpr and not mid instanceof IndexExpr ) diff --git a/rust/ql/lib/codeql/rust/internal/TypeInference.qll b/rust/ql/lib/codeql/rust/internal/TypeInference.qll index bae628b47233..6ddaa81bfbfc 100644 --- a/rust/ql/lib/codeql/rust/internal/TypeInference.qll +++ b/rust/ql/lib/codeql/rust/internal/TypeInference.qll @@ -259,8 +259,7 @@ private predicate typeEqualityLeft(AstNode n1, TypePath path1, AstNode n2, TypeP typeEquality(n1, path1, n2, path2) or n2 = - any(PrefixExpr pe | - pe.getOperatorName() = "*" and + any(DerefExpr pe | pe.getExpr() = n1 and path1.isCons(TRefTypeParameter(), path2) ) @@ -271,8 +270,7 @@ private predicate typeEqualityRight(AstNode n1, TypePath path1, AstNode n2, Type typeEquality(n1, path1, n2, path2) or n2 = - any(PrefixExpr pe | - pe.getOperatorName() = "*" and + any(DerefExpr pe | pe.getExpr() = n1 and path1 = TypePath::cons(TRefTypeParameter(), path2) ) diff --git a/rust/ql/lib/codeql/rust/security/AccessInvalidPointerExtensions.qll b/rust/ql/lib/codeql/rust/security/AccessInvalidPointerExtensions.qll index 377886092117..36abfb62d541 100644 --- a/rust/ql/lib/codeql/rust/security/AccessInvalidPointerExtensions.qll +++ b/rust/ql/lib/codeql/rust/security/AccessInvalidPointerExtensions.qll @@ -50,9 +50,7 @@ module AccessInvalidPointer { * A pointer access using the unary `*` operator. */ private class DereferenceSink extends Sink { - DereferenceSink() { - exists(PrefixExpr p | p.getOperatorName() = "*" and p.getExpr() = this.asExpr().getExpr()) - } + DereferenceSink() { exists(DerefExpr p | p.getExpr() = this.asExpr().getExpr()) } } /** From b22ce5515fe6a52aa7150b028072f86dcb75036e Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Wed, 21 May 2025 14:15:47 +0100 Subject: [PATCH 5/7] Rust: Make RefExpr an Operation. --- rust/ql/lib/codeql/rust/elements/internal/RefExprImpl.qll | 7 ++++++- rust/ql/test/library-tests/operations/test.rs | 2 +- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/rust/ql/lib/codeql/rust/elements/internal/RefExprImpl.qll b/rust/ql/lib/codeql/rust/elements/internal/RefExprImpl.qll index 83f32d892fbb..752b94dbacd2 100644 --- a/rust/ql/lib/codeql/rust/elements/internal/RefExprImpl.qll +++ b/rust/ql/lib/codeql/rust/elements/internal/RefExprImpl.qll @@ -5,6 +5,7 @@ */ private import codeql.rust.elements.internal.generated.RefExpr +private import codeql.rust.elements.internal.OperationImpl::Impl as OperationImpl /** * INTERNAL: This module contains the customizable definition of `RefExpr` and should not @@ -21,11 +22,15 @@ module Impl { * let raw_mut: &mut i32 = &raw mut foo; * ``` */ - class RefExpr extends Generated::RefExpr { + class RefExpr extends Generated::RefExpr, OperationImpl::Operation { override string toStringImpl() { result = "&" + concat(int i | | this.getSpecPart(i), " " order by i) } + override string getOperatorName() { result = "&" } + + override Expr getAnOperand() { result = this.getExpr() } + private string getSpecPart(int index) { index = 0 and this.isRaw() and result = "raw" or diff --git a/rust/ql/test/library-tests/operations/test.rs b/rust/ql/test/library-tests/operations/test.rs index 662a5ce02524..c3cde698aa0d 100644 --- a/rust/ql/test/library-tests/operations/test.rs +++ b/rust/ql/test/library-tests/operations/test.rs @@ -50,7 +50,7 @@ fn test_operations( // miscellaneous expressions that might be operations *ptr; // $ Operation Op=* Operands=1 PrefixExpr DerefExpr - &x; // $ RefExpr + &x; // $ Operation Op=& Operands=1 RefExpr MISSING: PrefixExpr res?; return Ok(()); From dc280c6fb7e42f59406d63c0e6b6b01423ae7e2d Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Thu, 22 May 2025 15:18:45 +0100 Subject: [PATCH 6/7] Rust: Add missing assignment class relations. --- .../rust/elements/ArithmeticOperation.qll | 17 +++++++---------- .../codeql/rust/elements/BitwiseOperation.qll | 3 ++- 2 files changed, 9 insertions(+), 11 deletions(-) diff --git a/rust/ql/lib/codeql/rust/elements/ArithmeticOperation.qll b/rust/ql/lib/codeql/rust/elements/ArithmeticOperation.qll index c91d65c976a9..81abffa1a385 100644 --- a/rust/ql/lib/codeql/rust/elements/ArithmeticOperation.qll +++ b/rust/ql/lib/codeql/rust/elements/ArithmeticOperation.qll @@ -5,6 +5,7 @@ private import codeql.rust.elements.BinaryExpr private import codeql.rust.elements.PrefixExpr private import codeql.rust.elements.Operation +private import codeql.rust.elements.AssignmentOperation /** * An arithmetic operation, such as `+`, `*=`, or `-`. @@ -17,25 +18,21 @@ final class ArithmeticOperation = ArithmeticOperationImpl; * A binary arithmetic operation, such as `+` or `*`. */ final class BinaryArithmeticOperation extends BinaryExpr, ArithmeticOperationImpl { - BinaryArithmeticOperation() { - this.getOperatorName() = ["+", "-", "*", "/", "%"] - } + BinaryArithmeticOperation() { this.getOperatorName() = ["+", "-", "*", "/", "%"] } } /** * An arithmetic assignment operation, such as `+=` or `*=`. */ -final class AssignArithmeticOperation extends BinaryExpr, ArithmeticOperationImpl { - AssignArithmeticOperation() { - this.getOperatorName() = ["+=", "-=", "*=", "/=", "%="] - } +final class AssignArithmeticOperation extends BinaryExpr, ArithmeticOperationImpl, + AssignmentOperation +{ + AssignArithmeticOperation() { this.getOperatorName() = ["+=", "-=", "*=", "/=", "%="] } } /** * A prefix arithmetic operation, such as `-`. */ final class PrefixArithmeticOperation extends PrefixExpr, ArithmeticOperationImpl { - PrefixArithmeticOperation() { - this.getOperatorName() = "-" - } + PrefixArithmeticOperation() { this.getOperatorName() = "-" } } diff --git a/rust/ql/lib/codeql/rust/elements/BitwiseOperation.qll b/rust/ql/lib/codeql/rust/elements/BitwiseOperation.qll index b906a2216ce3..3c1f63158b62 100644 --- a/rust/ql/lib/codeql/rust/elements/BitwiseOperation.qll +++ b/rust/ql/lib/codeql/rust/elements/BitwiseOperation.qll @@ -4,6 +4,7 @@ private import codeql.rust.elements.BinaryExpr private import codeql.rust.elements.Operation +private import codeql.rust.elements.AssignmentOperation /** * A bitwise operation, such as `&`, `<<`, or `|=`. @@ -22,6 +23,6 @@ final class BinaryBitwiseOperation extends BinaryExpr, BitwiseOperationImpl { /** * A bitwise assignment operation, such as `|=` or `<<=`. */ -final class AssignBitwiseOperation extends BinaryExpr, BitwiseOperationImpl { +final class AssignBitwiseOperation extends BinaryExpr, BitwiseOperationImpl, AssignmentOperation { AssignBitwiseOperation() { this.getOperatorName() = ["&=", "|=", "^=", "<<=", ">>="] } } From 1e64f50c3c77f6a59651033b0462d496fb83a5f5 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Tue, 27 May 2025 08:51:00 +0100 Subject: [PATCH 7/7] Apply suggestions from code review Co-authored-by: Simon Friis Vindum --- rust/ql/lib/codeql/rust/elements/DerefExpr.qll | 2 +- .../lib/codeql/rust/security/AccessInvalidPointerExtensions.qll | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/rust/ql/lib/codeql/rust/elements/DerefExpr.qll b/rust/ql/lib/codeql/rust/elements/DerefExpr.qll index 28302a934117..0eb54d4930da 100644 --- a/rust/ql/lib/codeql/rust/elements/DerefExpr.qll +++ b/rust/ql/lib/codeql/rust/elements/DerefExpr.qll @@ -6,7 +6,7 @@ private import codeql.rust.elements.PrefixExpr private import codeql.rust.elements.Operation /** - * A dereference expression, `*`. + * A dereference expression, the prefix operator `*`. */ final class DerefExpr extends PrefixExpr, Operation { DerefExpr() { this.getOperatorName() = "*" } diff --git a/rust/ql/lib/codeql/rust/security/AccessInvalidPointerExtensions.qll b/rust/ql/lib/codeql/rust/security/AccessInvalidPointerExtensions.qll index 36abfb62d541..444db0142090 100644 --- a/rust/ql/lib/codeql/rust/security/AccessInvalidPointerExtensions.qll +++ b/rust/ql/lib/codeql/rust/security/AccessInvalidPointerExtensions.qll @@ -50,7 +50,7 @@ module AccessInvalidPointer { * A pointer access using the unary `*` operator. */ private class DereferenceSink extends Sink { - DereferenceSink() { exists(DerefExpr p | p.getExpr() = this.asExpr().getExpr()) } + DereferenceSink() { any(DerefExpr p).getExpr() = this.asExpr().getExpr() } } /**